package jdbclianxi20250325;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

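/**
 * Demonstrates how a precompiled (prepared) SQL statement prevents SQL injection:
 * the statement text is sent to the database before any value is bound, so the
 * values supplied for the {@code ?} placeholders are treated as data and can never
 * change the structure of the query.
 *
 * <p>NOTE(review): the query compares the submitted password directly against the
 * {@code password} column (and also selects that column). That only works if the
 * table stores passwords in plaintext, which is unsafe. Production code should store
 * a salted password hash (bcrypt/scrypt/argon2), look the row up by username only,
 * and verify the hash in Java; it should also not embed credentials in source.
 */
public class JDBCDemo7 {
    /**
     * Entry point: runs one fixed login query and prints whether a row matched.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Placeholders instead of string concatenation: the bound values cannot alter
        // the WHERE clause, so input such as "' or '1'='1" is matched literally.
        String sql = "select id,username,password,nickname,age " +
                     "from user " +
                     "where username=? and password =?";
        // PreparedStatement and ResultSet are AutoCloseable; declaring them in
        // try-with-resources releases them even if executeQuery() throws. The
        // original closed only the Connection and leaked both.
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
            // Hard-coded demo credentials; a real login would take these from the caller.
            preparedStatement.setString(1, "张三");
            preparedStatement.setString(2, "123456");

            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                if (resultSet.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        } catch (SQLException e) {
            // Demo only: a real application would log this instead of printing to stderr.
            e.printStackTrace();
        }
    }
}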
